Security cameras are vulnerable to attacks using infrared light: study

September 19, 2017

Ben-Gurion University of the Negev (BGU) researchers have demonstrated that security cameras infected with malware can receive covert signals and leak sensitive information from the very same surveillance devices used to protect facilities.

The method, according to researchers, will work on both professional and home , and even LED doorbells, which can detect infrared light (IR), not visible to the human eye.

In the new paper, the technique the researchers have dubbed "aIR-Jumper" also enables the creation of bidirectional, covert, optical communication between air-gapped internal networks, which are computers isolated and disconnected from the internet that do not allow for remote access to the organization.

The cyber team led by Dr. Mordechai Guri, head of research and development for BGU's Cyber Security Research Center (CSRC), shows how IR can be used to create a covert communication channel between malware installed on an internal computer network and an attacker located hundreds of yards outside or even miles away with direct line of sight. The attacker can use this channel to send commands and receive response messages.

To transmit sensitive information, the attacker uses the 's IR-emitting LEDs, which are typically used for night vision. The researchers showed how malware can control the intensity of the IR to communicate with a remote attacker that can receive signals with a simple camera without detection. Then the attacker can record and decode these signals to leak .

The researchers shot two videos to highlight their technique. The first video shows an attacker hundreds of yards away sending infrared signals to a camera. The second video shows the camera infected with malware responding to covert signals by exfiltration data, including passwords.


According to Dr. Guri, "Security cameras are unique in that they have 'one leg' inside the organization, connected to the internal networks for purposes, and 'the other leg' outside the organization, aimed specifically at a nearby public space, providing very convenient optical access from various directions and angles."

Attackers can also use this novel covert channel to communicate with malware inside the organization. An can infiltrate data, transmitting hidden signals via the camera's IR LEDs. Binary data such as command and control (C&C) messages can be hidden in the video stream, recorded by the surveillance cameras, and intercepted and decoded by the residing in the network.

"Theoretically, you can send an infrared command to tell a high-security system to simply unlock the gate or front door to your house," Guri says.

Explore further: Cyber researchers discover how any network router can covertly leak data

More information: aIR-Jumper: Covert Air-Gap Exfiltration/Infiltration via Security Cameras & Infrared (IR), arXiv:1709.05742 [cs.CR] arxiv.org/abs/1709.05742

Related Stories

Desktop scanners can be hijacked to perpetrate cyberattacks

March 28, 2017

A typical office scanner can be infiltrated and a company's network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of ...

Cellphones can steal data from 'air-gapped computers'

July 28, 2015

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information ...

BitWhisper turns up heat on air-gap security

March 24, 2015

Ben Gurion University reported Monday that researcher Mordechai Guri, assisted by Matan Munitz and guided by Prof. Yuval Elovici, uncovered a way to breach air-gapped systems—that's quite something considering that air-gapped ...

Recommended for you

Volvo to supply Uber with self-driving cars (Update)

November 20, 2017

Swedish carmaker Volvo Cars said Monday it has signed an agreement to supply "tens of thousands" of self-driving cars to Uber, as the ride-sharing company battles a number of different controversies.

New method analyzes corn kernel characteristics

November 17, 2017

An ear of corn averages about 800 kernels. A traditional field method to estimate the number of kernels on the ear is to manually count the number of rows and multiply by the number of kernels in one length of the ear. With ...

5 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

andyf
5 / 5 (5) Sep 19, 2017
Yawn.

I think the first article I read on this subject was that compromised computers could use floppy disc access lights to bridge an air gap. That was a long time ago.

There have been many similar articles since then and I'm waiting for one that reports that data can be transmitted via infra-red by controlling the cpu load of a compromised computer. Or whatever.

First you would need to compromise the air-gapped computer - if it isn't already compromised, it won't make any difference how you blink your floppy lights or IR sources.
nxtr
not rated yet Sep 20, 2017
Small matter of compromising a camera with code. I guess disassembly on a ladder? Or internal access. My question is how two separate networks then use light to get info with the cam net from the data network.
Cusco
5 / 5 (1) Sep 21, 2017
From the article it looks like you need two separate chunks of malware installed, one on the camera and the other on some device within the network. Then the two pieces of malware would need to find each other in order to communicate. Truthfully, if you can do those three things on an air-gapped network then you could probably do some **far** more interesting things on that network.
Da Schneib
not rated yet Sep 22, 2017
The question is not how; the question is the threat surface. This is simple to interdict, but requires that the feed from the camera be scanned by a stateful firewall. If you're looking, and you're not firewalled, you're vulnerable.
Nik_2213
not rated yet Sep 22, 2017
When is a vandalised security camera a 'hack attack' ??

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.